BLOG — Jun 17, 2022

Top 5 Insights from the 2022 CeFPro Vendor & Third Party Risk USA Conference

The S&P Global Know Your Third Party (KY3P®) team recently sponsored the 7th Annual Vendor & Third Party Risk USA conference, organized by the Center for Financial Professionals. The two-day event attracted an audience of more than 150 professionals across financial institutions. There were presentations and panel discussions on crucial risk domains, including Regulation, Business Continuity & Resilience, ESG, Strategic Sourcing, Cyber, Fourth Party, FinTech, and Mergers & Acquisitions.

Here are key insights from the event:
1. Annual due diligence assessments of third parties are no longer sufficient for critical relationships. Mature Third Party Risk Management (TPRM) programs require continuous monitoring with intelligent automation to manage the data and workflow. Real-time insights are needed to assess and manage risks posed by critical relationships effectively.

2. Outsourcing your TPRM function allows you to focus on managing risk without managing a process. A managed service will enable you to focus on high-value activities and outsource low-value ones. Managing the risk is a rewarding and attractive job function. It includes a career trajectory with growth opportunities that enable you to attract and retain talent in TPRM.

3. Environmental, Social, and Governance (ESG) risk is currently associated with reputational risk and measured against goals. ESG is going to be "big" as regulators provide clarity on measurable targets and specific requirements. Diverse suppliers may not have the resources or capabilities to meet requirements on day one, but organizations are encouraged to help various suppliers implement controls where gaps exist today.

4. Concentration risk analysis should be completed for third and fourth parties. A multi-pronged approach to identifying fourth parties includes capturing information in your inherent risk questionnaire profile, obtaining details from your due diligence questionnaire outreach, a review of SOC reports, and data from external providers. An inventory of fourth-party information is needed to query and determine the potential impact of industry-wide events quickly.

5. Successful TPRM professionals must build relationships across their business to influence without authority. It is essential to bring all stakeholders together at the beginning of a relationship to ensure the connection is categorized correctly and that it can be supported appropriately. TPRM professionals must communicate effectively, educate stakeholders, and socialize the risks.

How S&P Global KY3P® can help:
KY3P® helps you manage your end-to-end vendor portfolio lifecycle on a single platform with on-demand, multi-dimensional vendor risk assessments. Our tools let you continuously monitor risk through partnerships with industry-leading data providers specializing in financial health, cybersecurity ratings, data-breach analysis, location risk, and more. Our managed services scale your third-party risk management program while minimizing constraints caused by the difficulties of attracting and retaining risk management teams.

Find out more by visiting KY3P®

Posted 17 June 2022 by Charles Basner, Director, Product Management, KY3P, S&P Global Market Intelligence


S&P Global provides industry-leading data, software and technology platforms and managed services to tackle some of the most difficult challenges in financial markets. We help our customers better understand complicated markets, reduce risk, operate more efficiently and comply with financial regulation.


This article was published by S&P Global Market Intelligence and not by S&P Global Ratings, which is a separately managed division of S&P Global.
